Published by Brent Nash. Modified over 9 years ago.
1 Trustworthy Operation within Infrastructure-less Networked Embedded Systems
William M. Merrill, Sensoria Corporation
Control-Theoretic Approaches for Dynamic Information Assurance Working Meeting
University of California, Berkeley, CA
February 5, 2003
2 Networked Embedded Systems Evolution
Past: Embedded Platforms
  – Typically single process, fixed functionality
  – Limited collaboration with a fixed infrastructure
Future: Networked Embedded Platforms
  – Enabler: Moore’s Law progress
  – Complex, high performance platforms
  – Diverse networking and field reconfigurability
  – Distributed, autonomous, and complex collaboration
  – Operating within enemy controlled areas
New DoD challenges include
  – Next Generation Unattended Tactical Ground Sensors
  – Robotic Vehicles: UAV, UGVs, FCS…
  – Next Generation Autonomous Munitions: Self Healing Minefield
3 Dynamic Networked Embedded Systems
Embedded Systems often provide dynamic connectivity
  – Often lack connection to an external infrastructure
      Any connections may be transient, unsecured, and/or non-existent
      Scale and application may require complete autonomy
  – Wireless Connections to local peers may fluctuate
      Mobile nodes
        – Peer-to-peer mobile ad-hoc networks (MANETs)
      Even static wireless links may change
        – Embedded nodes fail, are duty-cycled, or new nodes are added
4 Lack of an Energy Infrastructure
In remotely deployed and wireless systems, the lack of an energy infrastructure dictates capability
  – Battery operation: limited volume and weight
  – Solar or energy scavenging: limited energy budget
Processing is more energy efficient than communication
  – Where possible computation should be done locally
  – Communication as the highest energy burden
  – >R^-2 propagation loss dictates that links with multiple hops save energy
[Figure: direct link versus multihop link over distance R]
5 Self Healing Minefield as an Example
The Self Healing Minefield (SHM) provides an example of a dynamic embedded application requiring information assurance
  – Planned as an autonomous system
      Default operational status requires no user intervention
      In addition must support an external query and control capability
  – Complex embedded system
      Power and size constrained
  – Must operate in a dynamic environment
      Nodes may appear/disappear at any time
SHM used to illustrate considerations for information assurance in networked embedded systems
6 Dr. Tom Altshuler, Program Manager
8 SHM Dynamic System Electromagnetics Acoustic Ranging Analog Sensor Interfaces Inertial Sensing Self-Assembled Networking Signal Processing Complex Distributed Computing Cooperative Ranging, Breach Detection Low Energy Systems Wireless Systems Healing Mobility
9 SHM Node
Networked Embedded System
  – Volcano Mine (120 mm)
  – Hardware
      32 bit superscalar processor
      300 MIPS / 1.1 GFLOPS
      Wireless Acoustics Sensors
      Rocket motor systems (8)
  – Software
      Linux 2.4 kernel
      Distributed systems
      Over 200 simultaneous processes
Fort Leonard Wood, Missouri
10 Network Status Geolocation Status Mapping Breach Detection Healing 1m grid
11 Mines Selected Mines Disabled
12 Autonomous Healing
14 SHM Robustness
Within the system multiple redundancies are in place to increase robustness
  – Soft-state software approach enables fault tolerance
      Periodically update information even if not requested
      Enable processes to operate off the latest information with or without requesting new information
      Processes can communicate via language independent device file interfaces, screening process interdependence
  – All nodes are redundant and have the same capabilities
      Designed for a statistical response to a passing tank
However, previous development focus was on inadvertent information corruption, not adverse attacks
15 Example Vulnerabilities of SHM
Autonomous network self-assembly
  – Support the appearance and disappearance of nodes, complicating verification
  – Continuous connect/disconnect events
Unique wireless networking issues for networked embedded systems
  – High loss propagation environment
  – Multihop network required, with possible high latency
  – Physical environment leads to intermittent, unpredictable operation
  – Variable availability, bandwidth, and latency
  – Communication limited by energy constraints
      Conventional authentication methods carry excessive payload
  – Physical layer jamming can impact:
      RF communications
      Acoustic ranging
Operation dependent on cooperative behavior
  – Vulnerable to spoofing and/or DoS attacks
External control and query capability desired
  – Users wish to clear a breach for friendly forces or collect status data
Nodes operate in region controlled by opponent
16 Trustworthy Operation within SHM
To operate effectively, each node needs to measure the reliability of, and define, the appropriate information needed
To explore the vulnerabilities, the current capabilities of the system must be quantified
  – SHM Software emulator allows evaluation of system performance
      Operate multiple software stacks in a desktop environment
      Enables exploration of software vulnerabilities
  – Not every vulnerability can be determined, but general guidelines can be developed to establish trust metrics
Trust currently pre-determined
  – Installed at deployment
      Currently demonstration nodes trust anyone and any node with the capability to communicate with them
Trust must evolve through experience
  – Enables dynamic evolution from a starting point
  – Requires metrics to measure trust
17 SHM Observability definitions for IA & S
What do the nodes need to monitor and measure to support their application
  – Must monitor their own and their neighbors' capability to respond to an enemy tank
      Currently detected through periodic heartbeat packets including the processes operating on each node
      Monitor neighbors' status to detect a “breach” in the field
      Monitor orientation and tamper status
      Maintain synchronization with neighbors to enable geolocation
        – May be utilized to coordinate response to a trust failure
      Monitor own and neighbors' energy remaining
        – Or as power saving is added neighbors
      Monitor magnetic sensors to detect a passing tank
  – Each node monitors its operational processes
      Watch communication, processing, and memory usage
18 SHM Adaptability for IA & S
How can nodes adapt to increase system survivability and information assurance
  – Local network can reform due to changing links
      Currently adapt if nodes appear or disappear
      May route around untrusted locations, nodes
      Network provides multiple redundant paths between most nodes
  – Nodes may collaborate to build or deny trust
      Multi-hop networks provide multiple redundant paths between nodes
      Each node monitoring its neighbors continuously
      May warn external users if they detect errant nodes
      Increase or adapt security measures between trusted nodes
  – Redundant operation at multiple levels
      Each node includes the same capabilities
      System designed for graceful degradation
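Added example (not part of the original presentation or the SHM software): one way a node could combine the soft-state heartbeats of slides 14 and 17 with a trust score that starts from a deployment value and evolves through experience (slide 16), then use it to choose which neighbors to route through (slide 18). The scoring rule, thresholds, process names and heartbeat fields are assumptions, and heartbeats are assumed to be authenticated by a lower layer.

```python
from dataclasses import dataclass

STALE_AFTER = 3.0   # assumed: seconds of silence before soft state expires
TRUST_FLOOR = 0.6   # assumed: minimum score to keep routing through a neighbor
REQUIRED = {"net", "ranging", "sensing"}  # hypothetical expected process names

@dataclass
class Neighbor:
    good: float = 4.0   # starting trust installed at deployment: 4/(4+1) = 0.8
    bad: float = 1.0
    last_seen: float = 0.0
    tampered: bool = False

    def trust(self):
        return 0.0 if self.tampered else self.good / (self.good + self.bad)

class NeighborTable:
    def __init__(self):
        self.nodes = {}

    def heartbeat(self, node_id, now, processes, tamper=False):
        """Fold one received heartbeat into the sender's record."""
        n = self.nodes.setdefault(node_id, Neighbor())
        n.last_seen = now
        n.tampered = n.tampered or tamper   # a tamper report is never cleared
        if REQUIRED <= set(processes):
            n.good += 1
        else:
            n.bad += 1                      # alive, but processes are missing
        return n.trust()

    def expire(self, now):
        """Soft state: silence counts as a bad observation; return stale ids."""
        stale = sorted(i for i, n in self.nodes.items() if now - n.last_seen > STALE_AFTER)
        for i in stale:
            self.nodes[i].bad += 1
        return stale

    def usable(self, now):  # neighbors fresh and trusted enough to route through
        return sorted(i for i, n in self.nodes.items()
                      if now - n.last_seen <= STALE_AFTER and n.trust() >= TRUST_FLOOR)

def demo():  # constructed trace: A healthy, B degraded, C silent, D tampered
    t = NeighborTable()
    for now in (0, 1, 2, 3):
        t.heartbeat("A", now, REQUIRED)
        t.heartbeat("B", now, {"net"})
    t.heartbeat("C", 0, REQUIRED)
    t.heartbeat("D", 3, REQUIRED, tamper=True)
    return t.expire(4), t.usable(4)
```

In the constructed trace only node A stays usable: B's score falls below the floor from repeated degraded reports, C's state goes stale, and D's tamper flag zeroes its score.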
19 Summary
New and fundamental tradeoffs
  – Energy, latency, bandwidth, payload, constraints
  – Increasing complexity
  – Unpredictable connectivity
  – Direct conflicts with conventional approaches
  – May not rely on an external infrastructure
Dynamic Networked Embedded Systems
  – Self-Organization and Healing
  – Dynamic Operations
  – Management and Control
  – Reconfigurability
  – Energy
Self-Healing Minefield offers an example embedded system requiring a high level of operational trust